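package org.ejbca.core.model.authorization;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;

/**
 * Expands a coarse "basic" access rule set (a role plus the selected CAs, end
 * entity rights, end entity profiles and other rights) into the list of concrete
 * {@link AccessRule} objects that the authorization layer later evaluates.
 *
 * <p>Security-relevant expansion rules, all visible in this class:
 * <ul>
 *   <li>{@code ROLE_SUPERADMINISTRATOR} is encoded as the single
 *       {@code ROLE_SUPERADMINISTRATOR} rule; every other selection is ignored.</li>
 *   <li>{@code CA_ALL} and {@code ENDENTITYPROFILE_ALL} do not expand to one rule
 *       per id but to a single recursive {@code RULE_ACCEPT} on the base path
 *       ({@code CABASE} / {@code ENDENTITYPROFILEBASE}), replacing any per-id
 *       rules collected before the sentinel was seen. With the profile sentinel
 *       the selected end entity rights are not encoded per profile, so the
 *       {@code REGULAR_*} end entity rules are the only per-right restriction.</li>
 *   <li>Any role other than {@code ROLE_NONE}, {@code ROLE_SUPERADMINISTRATOR}
 *       and {@code ROLE_CAADMINISTRATOR} (including unknown role values) receives
 *       the CA, "other" and end entity rules; only the known roles also get
 *       their role-specific rules.</li>
 * </ul>
 *
 * <p>The rule list is fully built in the constructor; instances are not
 * thread-safe. Selection collections are expected to hold {@code Integer}
 * values; a {@code null} collection is treated as an empty selection.
 */
public class BasicAccessRuleSetDecoder implements java.io.Serializable {

    /** Decoded rules in the order they were derived from the basic rule set. */
    private ArrayList currentruleset = new ArrayList();

    /**
     * Decodes the given basic rule set into concrete access rules.
     *
     * @param currentrole one of the {@code BasicAccessRuleSet.ROLE_*} constants;
     *        {@code ROLE_NONE} yields an empty rule set
     * @param currentcas CA ids ({@code Integer}) or {@code BasicAccessRuleSet.CA_ALL};
     *        {@code null} is treated as empty
     * @param currentendentityrules {@code BasicAccessRuleSet.ENDENTITY_*} values;
     *        {@code null} is treated as empty
     * @param currentendentityprofiles end entity profile ids or
     *        {@code BasicAccessRuleSet.ENDENTITYPROFILE_ALL}; {@code null} is treated as empty
     * @param currentotherrules {@code BasicAccessRuleSet.OTHER_*} values;
     *        {@code null} is treated as empty
     * @throws ClassCastException if a selection element is not an {@code Integer}
     */
    public BasicAccessRuleSetDecoder(int currentrole, Collection currentcas, Collection currentendentityrules,
            Collection currentendentityprofiles, Collection currentotherrules) {
        if (currentrole == BasicAccessRuleSet.ROLE_NONE) {
            return;
        }
        if (currentrole == BasicAccessRuleSet.ROLE_SUPERADMINISTRATOR) {
            // A super administrator is represented by this single rule only; the
            // CA / profile / rights selections are deliberately not consulted.
            accept(AvailableAccessRules.ROLE_SUPERADMINISTRATOR, false);
            return;
        }
        // Order matters for callers comparing rule lists: CA rules first, then
        // "other" rules, then role-specific rules.
        addCARules(orEmpty(currentcas));
        addOtherRules(orEmpty(currentotherrules));
        if (currentrole == BasicAccessRuleSet.ROLE_CAADMINISTRATOR) {
            // CA administrators get the recursive profile base rule instead of
            // per-profile rules, so end entity selections are not decoded here.
            addCAAdministratorRules();
            return;
        }
        addEndEntityRules(orEmpty(currentendentityprofiles), orEmpty(currentendentityrules));
        if (currentrole == BasicAccessRuleSet.ROLE_RAADMINISTRATOR) {
            addRAAdministratorRules();
        }
        if (currentrole == BasicAccessRuleSet.ROLE_SUPERVISOR) {
            addSupervisorRules();
        }
    }

    /**
     * Returns the decoded rule set.
     *
     * @return a copy of the decoded {@link AccessRule}s, in decoding order; the
     *         decoder's own list is not exposed, so callers cannot alter it
     */
    public Collection getCurrentAdvancedRuleSet() {
        return new ArrayList(currentruleset);
    }

    /** Treats a missing selection as an empty one instead of failing later with a NullPointerException. */
    private static Collection orEmpty(Collection selection) {
        return selection == null ? new ArrayList() : selection;
    }

    /** Appends a {@code RULE_ACCEPT} rule for {@code resource} to the decoded set. */
    private void accept(String resource, boolean recursive) {
        currentruleset.add(new AccessRule(resource, AccessRule.RULE_ACCEPT, recursive));
    }

    /** Fixed rules every CA administrator receives (recursive on the functionality bases). */
    private void addCAAdministratorRules() {
        accept(AvailableAccessRules.ROLE_ADMINISTRATOR, false);

        accept(AvailableAccessRules.REGULAR_CAFUNCTIONALTY, true);
        accept(AvailableAccessRules.REGULAR_LOGFUNCTIONALITY, true);
        accept(AvailableAccessRules.REGULAR_RAFUNCTIONALITY, true);
        accept(AvailableAccessRules.REGULAR_SYSTEMFUNCTIONALITY, true);
        accept(AvailableAccessRules.ENDENTITYPROFILEBASE, true);

        accept(AvailableAccessRules.HARDTOKEN_EDITHARDTOKENISSUERS, false);
        accept(AvailableAccessRules.HARDTOKEN_EDITHARDTOKENPROFILES, false);
    }

    /** Fixed rules every RA administrator receives. */
    private void addRAAdministratorRules() {
        accept(AvailableAccessRules.ROLE_ADMINISTRATOR, false);
        accept(AvailableAccessRules.REGULAR_CREATECERTIFICATE, false);
        accept(AvailableAccessRules.REGULAR_STORECERTIFICATE, false);
        accept(AvailableAccessRules.REGULAR_VIEWCERTIFICATE, false);
    }

    /** Fixed rules every supervisor receives. */
    private void addSupervisorRules() {
        accept(AvailableAccessRules.ROLE_ADMINISTRATOR, false);
        accept(AvailableAccessRules.REGULAR_VIEWLOG, true);
        accept(AvailableAccessRules.REGULAR_VIEWCERTIFICATE, false);
    }

    /**
     * Adds one non-recursive rule per selected CA id, or a single recursive
     * {@code CABASE} rule when {@code CA_ALL} is among the selections.
     *
     * @param currentcas CA ids as {@code Integer}, never null
     */
    private void addCARules(Collection currentcas) {
        ArrayList carules = new ArrayList();
        Iterator caids = currentcas.iterator();
        while (caids.hasNext()) {
            Integer caid = (Integer) caids.next();
            if (caid.intValue() == BasicAccessRuleSet.CA_ALL) {
                // "All CAs" collapses to one recursive rule on the CA base path and
                // discards the individual CA rules collected so far.
                carules.clear();
                carules.add(new AccessRule(AvailableAccessRules.CABASE, AccessRule.RULE_ACCEPT, true));
                break;
            }
            carules.add(new AccessRule(AvailableAccessRules.CAPREFIX + caid.toString(), AccessRule.RULE_ACCEPT, false));
        }
        currentruleset.addAll(carules);
    }

    /**
     * Adds the rules for the "other" selections. Unknown values are ignored.
     *
     * @param currentotherrules {@code OTHER_*} values as {@code Integer}, never null
     */
    private void addOtherRules(Collection currentotherrules) {
        Iterator others = currentotherrules.iterator();
        while (others.hasNext()) {
            int other = ((Integer) others.next()).intValue();
            if (other == BasicAccessRuleSet.OTHER_VIEWLOG) {
                accept(AvailableAccessRules.REGULAR_VIEWLOG, true);
            } else if (other == BasicAccessRuleSet.OTHER_ISSUEHARDTOKENS) {
                accept(AvailableAccessRules.HARDTOKEN_ISSUEHARDTOKENS, false);
            }
        }
    }

    /**
     * Adds one {@code REGULAR_*} rule per selected end entity right and then the
     * per-profile rules for those rights. Unknown values are ignored.
     *
     * @param currentendentityprofiles profile ids as {@code Integer}, never null
     * @param currentendentityrules {@code ENDENTITY_*} values as {@code Integer}, never null
     */
    private void addEndEntityRules(Collection currentendentityprofiles, Collection currentendentityrules) {
        // Rights suffixes collected here are appended to each profile rule below.
        ArrayList endentityrules = new ArrayList();

        Iterator rights = currentendentityrules.iterator();
        while (rights.hasNext()) {
            int right = ((Integer) rights.next()).intValue();
            // One selection value maps to exactly one branch (the constants are distinct).
            if (right == BasicAccessRuleSet.ENDENTITY_VIEW) {
                addEndEntityRight(AvailableAccessRules.REGULAR_VIEWENDENTITY, AvailableAccessRules.VIEW_RIGHTS, endentityrules);
            } else if (right == BasicAccessRuleSet.ENDENTITY_VIEWHISTORY) {
                addEndEntityRight(AvailableAccessRules.REGULAR_VIEWENDENTITYHISTORY, AvailableAccessRules.HISTORY_RIGHTS, endentityrules);
            } else if (right == BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS) {
                addEndEntityRight(AvailableAccessRules.REGULAR_VIEWHARDTOKENS, AvailableAccessRules.HARDTOKEN_RIGHTS, endentityrules);
            } else if (right == BasicAccessRuleSet.ENDENTITY_CREATE) {
                addEndEntityRight(AvailableAccessRules.REGULAR_CREATEENDENTITY, AvailableAccessRules.CREATE_RIGHTS, endentityrules);
            } else if (right == BasicAccessRuleSet.ENDENTITY_DELETE) {
                addEndEntityRight(AvailableAccessRules.REGULAR_DELETEENDENTITY, AvailableAccessRules.DELETE_RIGHTS, endentityrules);
            } else if (right == BasicAccessRuleSet.ENDENTITY_EDIT) {
                addEndEntityRight(AvailableAccessRules.REGULAR_EDITENDENTITY, AvailableAccessRules.EDIT_RIGHTS, endentityrules);
            } else if (right == BasicAccessRuleSet.ENDENTITY_REVOKE) {
                addEndEntityRight(AvailableAccessRules.REGULAR_REVOKEENDENTITY, AvailableAccessRules.REVOKE_RIGHTS, endentityrules);
            } else if (right == BasicAccessRuleSet.ENDENTITY_KEYRECOVER) {
                addEndEntityRight(AvailableAccessRules.REGULAR_KEYRECOVERY, AvailableAccessRules.KEYRECOVERY_RIGHTS, endentityrules);
            } else if (right == BasicAccessRuleSet.ENDENTITY_APPROVE) {
                addEndEntityRight(AvailableAccessRules.REGULAR_APPROVEENDENTITY, AvailableAccessRules.APPROVAL_RIGHTS, endentityrules);
            }
        }

        addEndEntityProfiles(currentendentityprofiles, endentityrules);
    }

    /** Records one selected end entity right: the global rule now, the per-profile suffix for later. */
    private void addEndEntityRight(String resource, String rightsSuffix, ArrayList endentityrules) {
        accept(resource, false);
        endentityrules.add(rightsSuffix);
    }

    /**
     * Adds one non-recursive rule per (profile, selected right) pair, or a single
     * recursive {@code ENDENTITYPROFILEBASE} rule when {@code ENDENTITYPROFILE_ALL}
     * is among the selections. Note that the base rule is added even if no end
     * entity right was selected.
     *
     * @param currentendentityprofiles profile ids as {@code Integer}, never null
     * @param endentityrules rights suffixes ({@code String}) collected by {@link #addEndEntityRules}
     */
    private void addEndEntityProfiles(Collection currentendentityprofiles, Collection endentityrules) {
        ArrayList profilerules = new ArrayList();
        Iterator profiles = currentendentityprofiles.iterator();
        while (profiles.hasNext()) {
            Integer profileid = (Integer) profiles.next();
            if (profileid.intValue() == BasicAccessRuleSet.ENDENTITYPROFILE_ALL) {
                // "All profiles" collapses to one recursive rule on the profile base
                // path and discards the per-profile rules collected so far.
                profilerules.clear();
                profilerules.add(new AccessRule(AvailableAccessRules.ENDENTITYPROFILEBASE, AccessRule.RULE_ACCEPT, true));
                break;
            }
            String profilerule = AvailableAccessRules.ENDENTITYPROFILEPREFIX + profileid.toString();
            Iterator suffixes = endentityrules.iterator();
            while (suffixes.hasNext()) {
                String suffix = (String) suffixes.next();
                profilerules.add(new AccessRule(profilerule + suffix, AccessRule.RULE_ACCEPT, false));
            }
        }
        currentruleset.addAll(profilerules);
    }

}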